In order to access this route, you must create the role `read:messages` in your ZITADEL project and also create an authorization for the service user you created by adding the role to the user. Follow these steps to do so:

1. Go to your project and select **Roles**. Click **New**.

![Register the API](/img/examples/secure-api/service-user-jwt/scopes/1.png)

2. Add the `read:messages` role as shown below and click **Save**.

![Register the API](/img/examples/secure-api/service-user-jwt/scopes/2.png)

3. You will see the created role listed.

![Register the API](/img/examples/secure-api/service-user-jwt/scopes/3.png)

4. To assign this role to a user, click on **Authorizations**.

![Register the API](/img/examples/secure-api/service-user-jwt/scopes/4.png)

5. Select the user you want to assign the role to.

![Register the API](/img/examples/secure-api/service-user-jwt/scopes/5.png)

6. Select the project where this authorization is applicable.

![Register the API](/img/examples/secure-api/service-user-jwt/scopes/6.png)
7. Click **Continue**.

![Register the API](/img/examples/secure-api/service-user-jwt/scopes/7.png)

8. Select the role **read:messages** and click **Save**.

![Register the API](/img/examples/secure-api/service-user-jwt/scopes/8.png)

9. You will now see the your service user has been assigned the role **read:messages**.

![Register the API](/img/examples/secure-api/service-user-jwt/scopes/9.png)